Tutorial: Downloading SIEM logs

Learn how to download SIEM logs and output the data to a local folder or a syslog server using Python.

This script demonstrates how to use the /api/audit/get-siem-logs endpoint to download SIEM logs and output the data to a local folder or a syslog server.

The script is based on Python 2.7.

Preparation Steps

This sample script requires the Access Key and Secret Key from a Mimecast Authentication token for a Mimecast administrator with the Gateway | Tracking | Read permission.

By default, an Authentication Token expires after 3 days, which means that your script would stop downloading data after 3 days without manual intervention.

Consequently, for the best experience you must create a new user and an Authentication Profile that defines a longer-lived Authentication Token. Please see the Authentication (Scripts and Server Apps) guide for more information on this process.

Enable logging for your account

While logged into the Administration Console, navigate to the Administration | Account | Account Settings menu item to display the Account Settings page.